Secarma Ltd

psychoPATH

psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & web file upload implementations allowing to write files into the webroot (aka document root). The "blind" aspect is the key here and is inherent to dynamic testing usually conducted with no access to the source code or the filesystem.

chunkyTuna

An interactive webshell and HTTP tunnel for TCP connections using chunked transfer encoding

dns-parallel-prober

PoC for an adaptive parallelised DNS prober

IoTChecklist

Baseline IoT security checklist. Consider security as early in development as possible and reap the rewards.

Indushell

PoC C&C for the Industroyer malware

HttpPwnly

"Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protection against session hijacking via XSS

git-fingerprint

Enumerate information from a target using git

rdpupload

Python script which will type a file into an RDP session. For when drag and drop and disk mounting is not possible

DemoExtender

Code used for a tutorial to get Netbeans GUI editor to work with a Burp Suite Extender

BurpExtenderForge

An Extender for Burp Suite allowing you to quickly craft Extenders in Burp.

explodingcan-checker

ExplodingCan Checker

SSRS

presentations

Starting to put presentations someplace centrally.

shelling

SHELLING - a comprehensive OS command injection payload generator